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DIGITAL AUTHENTICATION OVER ACOUSTIC CHANNEL 

CROSS-REFERENCE TO RELATED APPLICATIONS 

This application is a continuation-in-part of U.S. Application No. 10/625,710 filed 
July 22, 2003 and entitled "Digital Authentication Over Acoustic Channel," which is 
a continuation-in-part of U.S. Application No. 10/139,873 filed May 6, 2002 and 
entitled "System and Method for Acoustic Two Factor Authentication," which is a 
continuation-in-part of U.S. Application No. 10/077,365 filed February 15, 2002 and 
entitled "Method and Apparatus for Simplified Audio Authentication," all of which 
are assigned to the same assignee and herein incorporated by reference. 

This application is also related to the following, all of which are assigned to the 
same assignee of this application. 

Co-pending U.S. Application No. 09/611,569 filed July 7, 2000 and entitled 
"Method and Apparatus for Secure Identity Authentication With Audible Tones." 

Co-pending U.S. Application No. 10/356,144 filed January 30, 2003 and entitled 
"Wireless Communication Using Sound." 

Co-pending U.S. Application No. 10/356,425 filed January 30, 2003 and entitled 
"Communication Using Audible Tones." 

BACKGROUND 

Field of Invention 

[0006] The invention generally relates to authentication, and more particularly to digital 
authorization of entities using sound. 

Description of the Related Art 
[0007] With the growth of electronic commerce, use of public communication 

infrastructure, such as the Internet, to access various secure networks, systems and/or 
applications has also grown. For example, users may gain access to banks (online or 
by automatic teller machines (ATM)), a private network such as an intranet, a secure 
server or database, and/or other virtual private network (VPN) over a public 
communication infrastructure by digital authentication. 
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[0008] However, with the introduction of a system of communication wherein face-to- 
face contact is not possible, opportunities for fraudulent or unauthorized access have 
increased. Misappropriated identity in the hands of wrongdoers may cause damage to 
individuals, organizations or other entities. 

[0009] To prevent unauthorized access, various security schemes have been developed to 
verify user or entity identification such that only authorized entities are given access. 
One technique for user authentication and access control can be implemented by a 
access code generating device, such as a token. Here, a unique access code is 
periodically generated displayed to a user. Typically, the access code is generated 
from an algorithm that is based on a secure information and the current time. The 
user is then required to input the currently displayed access code to gain access. 

[0010] In some systems, a password is also required to gain access. These types of 
systems are known as the two-factor authentication. Two-factor authentication is 
typically based on something that a user has, for example the token, and something 
that a user knows, such as the password. Because both pieces of information are used 
to authenticate a user, systems implementing the two-factor authentication may be 
less susceptible to attacks than a single-factor authentication. 

[0011] While a token as described above may prevent unauthorized access, it is 

cumbersome because users must manually enter each access code during each access. 
Also, errors are more likely to occur due to the manual input of the access code. In 
some systems, a user is required to input the access code more than once during each 
access, which increases the inconvenience and possibility of errors. Furthermore, 
because the access code may be based on time and is continuously displayed, a 
constant computation may be required by the token, thereby shortening the battery life 
of the token. 

[0012] Therefore, there is a need for a more efficient, more convenient and/or more 
secure way to implement a control access system using a device. 

SUMMARY 

[0013] Embodiments disclosed herein address the above stated needs by providing a 

method for security in a data processing system. 
[0014] In one aspect, an apparatus for use in authentication comprises a storage medium 

configured to store a cryptographic key and a look up table (LUT); a first processor 
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coupled to the storage medium, configured to generate an access code using the 
cryptographic key; a converter coupled to the processor, configured to convert the 
access code into multiple tones encoded with the access code; and an audio output 
unit configured to output the multiple tones encoded with the access code for 
authentication; wherein the converter may comprise a binary phase shift keying 
(BPSK) module configured to generate multiple parallel BPSK symbols, and a second 
processor coupled to the BPSK module and the storage medium, configured to 
convert the BPSK symbols into the multiple tones using the LUT. Here, either one of 
the first or second processor may be configured to repeat the BPSK symbols a 
selected number of time; and the second processor may then convert repeated BPSK 
symbols into the multiple tones. 
[0015] In another embodiment, an apparatus for use in authentication may comprise a 

storage medium configured to store a cryptographic key and a look up table (LUT); a 
processor coupled to the storage medium, configured to generate an access code using 
the cryptographic key; a converter coupled to the processor, configured to convert the 
access code into multiple tones encoded with the access code; and an audio output 
unit configured to output the multiple tones encoded with the access code for 
authentication; wherein the converter may comprise a binary phase shift keying 
(BPSK) module configured to generate multiple parallel BPSK symbols; and wherein 
the processor is configured to convert the BPSK symbols into multiple tones using the 
LUT. 

[0016] In still another embodiment, a method for use in authentication may comprise 
storing a cryptographic key and a look up table (LUT); generating an access code 
using the cryptographic key; generating multiple parallel BPSK symbols based upon 
the access code; converting the BPSK symbols into multiple tones encoded with the 
access code using the LUT; and outputting the multiple tones encoded with the access 
code for authentication. The method may further comprise repeating the BPSK 
symbols a selected number of times before converting the BPSK symbols. Here, 
repeating the BPSK symbols may comprise repeating a set of three BPSK symbols the 
selected number of times; and converting the BPSK symbols may comprise 
converting each set of three BPSK symbols into the multiple tones using the LUT. 

[0017] In a further embodiment, an apparatus for use in authentication may comprise 
means for storing a cryptographic key and a look up table (LUT); means for 
generating an access code using the cryptographic key; means for generating multiple 
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parallel BPSK symbols based upon the access code; means for converting the BPSK 
symbols into multiple tones encoded with the access code using the LUT; and means 
for outputting the multiple tones encoded with the access code for authentication. The 
apparatus may further comprise means for repeating the BPSK symbols a selected 
number of times; wherein the means for converting the BPSK converts the repeated 
BPSK symbols. 

[0018] In still a further embodiment, an apparatus for use in authentication may comprise 
a storage medium configured to store a cryptographic key; a processor coupled to the 
storage medium, configured to generate an access code using the cryptographic key; a 
converter coupled to the processor, configured to convert the access code into 
multiple tones encoded with the access code; and an audio output unit coupled to the 
converter, configured to output the multiple tones encoded with the access code for 
authentication; wherein the converter may comprise a binary phase shift keying 
(BPSK) module configured to generate multiple parallel repeated BPSK symbols 
based on the access code; an inverse fast fourier transform (IFFT) module coupled to 
the BPSK module, configured to perform IFFT on the repeated BPSK symbols to 
generate code symbols; and an up-con verter coupled to the EFFT module, configured 
to modulate the code symbols into the multiple tones encoded with the access code. 

[0019] In yet another embodiment, a method for use in authentication may comprise 

storing a cryptographic key; generating an access code using the cryptographic key; 
generating multiple parallel binary phase shift keying (BPSK) symbols based upon 
the access code; repeating the BPSK symbols a selected number of times before 
converting the BPSK symbols; performing inverse fast fourier transform (IFFT) on 
the repeated BPSK symbols to generate IFFT symbols; modulating the IFFT symbols 
into the multiple tones encoded with the access code; and outputting the multiple 
tones encoded with the access code for authentication. 

[0020] In yet another embodiment, an apparatus for use in authentication comprises 

means for storing a cryptographic key; means for generating an access code using the 
cryptographic key; means for generating multiple parallel binary phase shift keying 
(BPSK) symbols based upon the access code; means for repeating the BPSK symbols 
a selected number of times before converting the BPSK symbols; means for 
performing inverse fast fourier transform (IFFT) on the repeated BPSK symbols to 
generate IFFT symbols; means for modulating the IFFT symbols into the multiple 
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tones encoded with the access code; and means for outputting the multiple tones 
encoded with the access code for authentication. 

[0021] Yet in a further embodiment, an apparatus for use in verification may comprise an 
audio input unit configured to receive multiple tones encoded with an access code; a 
converter coupled to the audio input unit, configured to recover the access code from 
the multiple tones encoded with the access code; and wherein the converter may 
comprises a down-converter configured to demodulate the multiple tones into IFFT 
symbols; a fast fourier transform (FFT) module configured to generate multiple 
parallel BPSK symbols from the IFFT symbols; a BPSK module coupled to the 
processor, configured to convert the BPSK symbols into an encoded interleaved bit 
stream of the access code; a de-interleaver coupled to the BPSK module, configured 
to de-interleave the encoded interleaved bit stream; and a decoding module coupled to 
the de-interleaver, configured to recover the access code from the encoded de- 
interleaved bit stream. The apparatus may further comprise a storage medium 
configured to store a cryptographic key; and a processor coupled to the storage 
medium and the converter, configured to verify the access code using the 
cryptographic key and to grant access if the access code is verified. Also, the FFT 
module may convert the multiple tones into repeated sets of BPSK symbols and 
generate a selected set of BPSK symbols; wherein the BPSK module converts the 
selected set of BPSK symbols. 

[0022] In still another embodiment, a method for use in verification may comprise 

receiving multiple tones encoded with an access code; generating multiple parallel 
BPSK symbols from the multiple tones; converting the BPSK symbols into an 
encoded interleaved bit stream of the access code; de-interleaving the encoded 
interleaved bit stream; and recovering the access code from the encoded de- 
interleaved bit stream. Here, performing FFT may comprise generating repeated 
BPSK symbols; wherein the method further comprises generating a selected set of 
BPSK symbols from the repeated BPSK symbols; and wherein performing the BPSK 
comprises converting the selected set of BPSK symbols into the encoded interleaved 
bit stream. Also, performing the FFT may comprise converting the IFFT symbols 
into repeated sets of three BPSK symbols; wherein generating the selected set of 
BPSK symbols comprises selecting three BPSK symbols from the repeated sets of 
three BPSK symbols to generate the selected set of BPSK symbols. Alternatively, 
performing the FFT may comprise converting the IFFT symbols into repeated sets of 
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three BPSK symbols; wherein generating the selected set of BPSK symbols 
comprises selecting one of the repeated sets of three BPSK symbols to generate the 
selected set of BPSK symbols. 
[0023] In still yet another embodiment, an apparatus for use in verification may comprise 
means for receiving multiple tones encoded with an access code; means for 
demodulating the multiple tones into inverse fast fourier transform (IFFT) symbols; 
means for performing fast fourier transform (FFT) to generate repeated BPSK 
symbols from the IFFT symbols; means for generating a selected set of BPSK 
symbols from the repeated BPSK symbols; means for converting the selected set of 
BPSK symbols into an encoded interleaved bit stream of the access code; means for 
de-interleaving the encoded interleaved bit stream; and means for recovering the 
access code from the encoded de-interleaved bit stream. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Various embodiments will be described in detail with reference to the following 
drawings in which like reference numerals refer to like elements, wherein: 

Figure 1 shows a system for digital authentication over an acoustic channel; 
Figure 2 shows an example embodiment of a token; 
Figure 3 shows an example embodiment of a verifier; 

Figure 4 shows an example method for digital authentication using an acoustic 
channel; 

Figure 5A and 5B show examples of BPSK symbols; 
Figure 5C shows an example of a LUT; 

Figure 6 shows an example method for digital verification using an acoustic 
channel; 

Figure 7A and 7B show examples of an original repeated sets of BPSK symbols 
and a recovered repeated sets of BPSK symbols; 

Figure 7C and 7D show examples of selected set of BPSK symbols; 
Figure 8 shows another example embodiment of a token; 
Figure 9 shows another example method for digital authentication using an 
acoustic channel; 

Figure 10 shows another example method for digital verification using an acoustic 
channel; 



[0024] 
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[0037] Figure 1 1 A to 1 ID show other example systems for digital authentication over an 

acoustic channel; 
[0038] Figure 12 shows an example embodiment of a receiver; 
[0039] Figure 13 shows an another embodiment of a receiver; and 
[0040] Figure 14 A and 14B show example housings for a token. 



DETAILED DESCRIPTION 



[0041] Generally, embodiments disclosed use the acoustic channel for digital 

authentication of a user or entity. In the following description, specific details are 
given to provide a thorough understanding of the embodiments. However, it will be 
understood by one of ordinary skill in the art that the embodiments may be practiced 
without these specific detail. For example, circuits may be shown in block diagrams 
in order not to obscure the embodiments in unnecessary details. In other instances, 
well-known circuits, structures and techniques may be shown in detail in order to 
better explain the embodiments. 

[0042] Also, it is noted that the embodiments may be described as a process which is 
depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. 
Although a flowchart may describe the operations as a sequential process, many of the 
operations can be performed in parallel or concurrently. In addition, the order of the 
operations may be re-arranged. A process is terminated when its operations are 
completed. A process may correspond to a method, a function, a procedure, a 
subroutine, a subprogram, etc. When a process corresponds to a function, its 
termination corresponds to a return of the function to the calling function or the main 
function. 

[0043] Moreover, as disclosed herein, the term "sound wave" refers to acoustic wave or 
pressure waves or vibrations traveling through gas, liquid or solid. Sound waves 
include ultrasonic, audio and infrasonic waves. The term "audio wave" refers to 
sound wave frequencies lying within the audible spectrum, which is approximately 
20Hz to 20kHz. The term "ultrasonic wave" refers to sound wave frequencies lying 
above the audible spectrum and the term "infrasonic wave" refers to sound wave 
frequencies lying below the audible spectrum. The term "storage medium" represents 
one or more devices for storing data, including read only memory (ROM), random 
access memory (RAM), magnetic disk storage mediums, optical storage mediums, 
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flash memory devices and/or other machine readable mediums for storing 
information. The term "machine readable medium" includes, but is not limited to 
portable or fixed storage devices, optical storage devices, wireless channels and 
various other devices capable of storing, containing or carrying codes and/or data. 
The term "tone" refers to a sound wave carrier signal of certain pitch and vibration 
that carry digital data. The term "multiple tones" refers to three or more tones. The 
term "authentication" refers to verification of an identity, and the terms authentication 
and verification will be used interchangeably. 

[0044] Figure 1 shows an example system 100 for digital authentication over an acoustic 
channel. In system 100, a verifier device 1 10 controls access to a secure network, 
system and/or application over a public communication infrastructure such as the 
Internet 120. Although access may be gained through a public communication 
infrastructure other than Internet 120, for purposes of explanation, system 100 will be 
described with reference to Internet 120. 

[0045] To gain access over Internet 120, a device such as a token 130 provides an access 
code to verifier device 110 through a wireless communication device (WCD) 140. 
The access code is communicated from token 130 to WCD 140 through an acoustic 
channel. The access code is generated using a cryptographic key that is securely 
stored within token 130 and is encoded into sound waves for communication. More 
particularly, multi-carrier modulation is used to encode the generated access code into 
multiple tones and corresponding multi-carrier demodulation is used to recover the 
access code from the multiple tones. 

[0046] User of token 130 may also provide a user information such as a username to 

verifier device 110. Here, the user information may be encoded into sound waves and 
communicated along with the access code to WCD 140. Alternatively, the user 
information may be entered directly into WCD 140. WCD 140 may then forward the 
access code and user information to verifier device 1 10 over Internet 120 for 
authentication. In still another alternative embodiment, the user information may be 
an assigned identification number of token 130. Thus, a user need not input the user 
information. The identification number is encoded automatically into sound waves 
along with the access code and communicated to WCD 140. Once access is granted, 
WCD 140 may be used to communicate with the secure network or system. 

[0047] To forward the access code and/or user information, WCD 140 may recover the 
access code and/or user information, if encoded, from the sound waves. WCD 140 
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may then forward the access code and/or user information to verifier device 1 10. 
Alternatively, the sound waves encoded the access code and the sound waves encoded 
with the user information, if encoded, may be transmitted to verifier device 1 10. The 
access code and/or user information may then be recovered from the sound waves by 
verifier device 110. Here, the access code and user information, or the sound waves 
encoded with the access code and/or user information, may be transmitted using any 
known communication technology that allows access to Internet 120 in system 100. 
[0048] Token 130 is typically a portable device that may be small enough to be carried in 
pockets and/or attached to a key chain. Physical possession of token 130 provides an 
aspect of the required verification, in the same manner that the physical possession of 
a key allows an individual to gain access through a locked door. Therefore, token 130 
serves as an authentication tool and, other than communication by sound waves, token 
130 need not have the conventional wireless communication capabilities to directly 
transmit an access code to verifier device 110 over Internet 120 or over other wireless 
and non-wireless infrastructures. Namely, in some embodiments, token 130 does not 
support wireless telecommunication capabilities; and does not include a wireless 
modem, network card and/or other wireless links to a private or public 
communication infrastructure such as Internet 120. As a result, the access code is 
transmitted over Internet 120 by WCD 140. It is to be noted, however, that in 
alternative embodiments, token 130 may be embedded into another device such as a 
wireless phone or a personal data assistant. Also, although WCD 140 is shown as a 
personal desktop computer, it may be various other computing devices such as but is 
not limited to laptop computer, PDAs, wireless phones or security devices of homes, 
offices or vehicles. 

[0049] The access code is generated using a cryptographic key that is securely stored 
within token 130. The cryptographic key may be placed into token 130 at 
manufacture and is not known by the user. Here, two types of cryptographic keys 
may be used for digital authentication, symmetric cryptographic system and 
asymmetric cryptographic system. In symmetric cryptographic system, the secret key 
or symmetric key that is kept secret within token 130 is shared and placed in verifier 
device 110. Token 130 generates a digital signature using a secret key and the digital 
signature is sent to verifier device 1 10 for authentication. Verifier device 1 10 verifies 
the digital signature based the same secret key. In asymmetric cryptographic system, 
a private key and a public key are generated for a user. The public key is shared with 
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verifier device 1 10 while the private key is kept secret within token 130. A digital 
signature is generated using the private key and sent to verifier device 110. Verifier 
device 110 then verifies the digital signature based on the user's public key. 
[0050] In the above description, verifier device 1 10 identifies the cryptographic key that 
corresponds to a user based on the user information sent with the access code. Also, 
verifier device 1 10 may be implemented as part of the secure network or system into 
which a user wants access. Alternatively, verifier device 1 10 may be located 
externally from the secure network or system. Moreover, although Figure 1 show one 
verifier device 1 10, it would be apparent to those skilled in the art that there may be 
more than one verifier device, each controlling access to one or more 
networks/systems . 

[0051] Figure 2 shows a block diagram of an example embodiment of a token 200 and 
Figure 3 shows an example embodiment of a corresponding verifier device 300. 
Token 200 may comprise a storage medium 210 configured to store a cryptographic 
key and a Look-up Table (LUT), a processor 220 configured to generate an access 
code using the cryptographic key, a converter 230 configured to convert the access 
code into multiple tones encoded with the access code using the LUT, and an audio 
output unit 240 configured to output the multiple tones encoded with the access code 
for verification. Verifier device 300 may comprise a storage medium 310 configured 
to store a cryptographic key, a processor 320 configured to generate an access code 
using the cryptographic key, an audio input unit 330 configured to receive multiple 
tones encoded with an access code from a token, and a converter 340 configured to 
recover the access code from the multiple tones. Based on the cryptographic key, 
processor 320 authenticates the access code of the user. 

[0052] More particularly, an access code is converted to and from multiple tones based 

on multi-carrier modulation. Therefore, converter 230 modulates the access code into 
multi-carrier signals and converter 340 demodulates the access code from multi- 
carrier signals using a multi-carrier system. A multi-carrier system is described in co- 
pending U.S. Application No. 10/356,144 and co-pending U.S. Application No. 
10/356,425. In multi-carrier modulation, data stream to be transmitted is divided into 
multiple interleaved bit streams. This results in multiple parallel bit streams having a 
much lower bit rate. Each bit stream is then used to modulate multiple carriers and 
transmitted over separate carrier signals. Typically, multi-carrier modulation involves 
encoding, interleaving, digital modulating, Inverse Fast Fourier Transform (BFFT) 
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processing and up-converting the data stream to be transmitted. Demodulation 
involves down-converting, FFT processing, digital demodulating, de-interleaving and 
decoding the received data stream. In converters 230 and 340, however, the LUT is 
used to facilitate modulation as described below. 
[0053] Converter 230 of token 200 may comprise an encoding module 232, an interleaver 
234, a binary phase shift keying (BPSK) module 236 and a processor 238. Converter 
340 of verifier device 300 may comprise a down converter 341, a FFT module 343, a 
BPSK module 345, a de-interleaver 347 and a decoding module 349. BPSK is a 
known technique of digital modulation that is simple to implement. Although BPSK 
does not result in the most efficient use of an available bandwidth, it is less 
susceptible to noise. Therefore, BPSK is used for converting the code symbols into 
tones. However, modulation techniques other than BPSK may be implemented in 
converters 230 and 340. Also, it should be noted that converter 230 shows a 
simplified multi-carrier modulator based on BPSK. A more typical commercial 
multi-carrier modulator may have additional components such as a preamble 
generator, a serial to parallel (S/P) converter or parallel to serial (P/S) converter. 
Similarly, converter 340 shows a simplified multi-carrier demodulator corresponding 
to converter 230, and a more typical commercial multi-carrier demodulator may also 
have additional components such as a synchronization unit, a S/P converter and a P/S 
converter. 

[0054] Generally, encoding module 232 is configured to encode the bit stream or bit 
stream of the access code. The encoded bit stream are then interleaved into 
interleaved bit streams or code symbols by interleaver 234. BPSK module 236 is 
configured to generate multiple parallel BPSK symbols from the code symbols. More 
particularly, the encoded bit stream are converted from serial to parallel into parallel 
code symbols. The parallel code symbols are then mapped by BPSK module 236 into 
multiple parallel BPSK symbols. Here, the code symbols may be mapped into BPSK 
symbols and then converted from serial to parallel BPSK symbols, or the code 
symbols may be converted from serial to parallel and then mapped into BPSK 
symbols. Also, the number of BPSK symbols correspond to the number of tones 
available in the multi-carrier system. In some embodiments, the multi-carrier tones 
have frequencies in the range from about 1 kHz to 3 kHz and the bandwidth allowed 
for each carrier would depend on the number of tones. For example, if the number of 
available tones is 64, a bandwidth of about 31.25 Hz would be allowed for each 



12 

Attorney Docket No. 030464C1 
carrier. The multiple BPSK symbols generated as described above are converted into 
multiple tones using the LUT and converted from parallel to serial by processor 238. 
By implementing the LUT, BPSK symbols may directly be converted into multiple 
tones without IFFT processing and up-conversion. Detail operations of the LUT will 
be described below with reference to Figures 5. 
[0055] To recover the access code, converter 340 would perform a process that is inverse 
to the process performed by converter 230. Namely, down converter 341 is 
configured to demodulate the multiple tones into multiple parallel IFFT symbols, FFT 
module 343 is configured to perform FFT to generate multiple parallel BPSK 
symbols, BPSK module 345 is configured to convert the BPSK symbols into code 
symbols or encoded interleaved bit stream of the access code, de-interleaver 347 is 
configured to de-interleave the code symbols, and decoding module 349 is configured 
to recover the access code from the encoded code symbols. More particularly, the 
down converter 341 may demodulate the multiple tones into IFFT symbols, a S/P may 
convert the IFFT symbols from serial to parallel, FFT module 343 may perform FFT 
to generate multiple parallel BPSK symbols, BPSK module 345 may convert the 
BPSK symbols into multiple parallel code symbols, de-interleaver 347 may de- 
interleave the code symbols into encoded bit stream, and a P/S may convert the code 
symbols from parallel to serial to be decoded by decoding module 349. Alternatively, 
the multiple tones may be converted from serial to parallel, FFT processed into 
multiple parallel BPSK symbols, converted from parallel to serial, and BPSK 
processed for de-interleaving. Still alternatively, the multiple tones may be converted 
from parallel to serial, FFT processed into multiple parallel BPSK symbols, BPSK 
processed into multiple parallel code symbols, converted from parallel to serial, and 
de-interleaved. 

[0056] As in converters 230 and 340, a more typical token and verifier device may have 
additional components. In some embodiments, token 200 may also comprise an 
amplifier 260 configured to amplify the multiple tones from converter 230, and an 
activator or actuator 270 configured to receive a signal from a user that activates the 
authentication procedure. Actuator 260 may be, but is not limited to, a switch, a 
push-button switch, a toggle switch or a dial or sound activated device. Token 200 
may further comprise a clock module 250 configured to generate a time element. In 
such cases, processor 220 may be configured to generate an access code using the 
cryptographic key and the time element. Similarly, verifier device 300 may also 
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comprise a clock module 350 configured to generate the time element. In such cases, 
processor 320 may be configured to generate an access code using the cryptographic 
key and the time element. 

[0057] In token 200 and verifier device 300, clock modules 250 and 350 are synchronized 
to generate a time element periodically, for example every minute, hour, day or other 
selected increment as needed. This type of authentication is typically referred to as a 
session based authentication since the access code changes with each period of time. 
Also, storage mediums 210 and 310 may be databases of cryptographic keys 
corresponding to different users of a network, system or application. Therefore, user 
information is sent to verifier device 300, as discussed above, such that the 
appropriate cryptographic key is used at verifier 300 in the authentication procedure. 

[0058] Figure 4 shows an example method 400 for transmitting an access code using an 
acoustic channel. For access to a secure network, system or application, an access 
code is generated (410) by processor 220 using a cryptographic key. Thereafter, 
multiple parallel BPSK symbols are generated (420) based upon the access code, and 
the BPSK symbols are converted (430) into multiple tones encoded with the access 
code using the LUT. More particularly, the bit stream of the access code is encoded 
into encoded bit stream. The encoded bit stream may be converted from serial to 
parallel, interleaved into multiple parallel code symbols, BPSK mapped into multiple 
parallel BPSK symbols, and converted into multiple tones using the LUT. 
Alternatively, the encoded bit stream may be interleaved, BPSK mapped and then 
converted from serial to parallel into multiple parallel BPSK symbols for conversion 
into multiple tones. Still alternatively, the encoded bit stream may be interleaved, and 
then converted from serial to parallel into multiple parallel code symbols for BPSK 
processing. Here, the cryptographic key and the LUT may be stored in storage 
medium 210, and processor 238 may convert the BPSK symbols into the multiple 
tones using the LUT stored in storage medium 210. The multiple tones encoded with 
the access code is then output (440) for authentication. 

[0059] More particularly, the LUT is pre-calculated to map the BPSK symbols into 

designated tones. For example, each particular sequences of BPSK symbols may be 
mapped and may correspond to one of various available tones. Therefore, rather than 
performing IFFT on BPSK symbols and modulating the IFFT symbols, the LUT 
converts the BPSK symbols directly into multiple tones. 
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[0060] In some embodiment, to enhance recovery of an access code, the BPSK symbols 
are repeated a selected number of times before converting the BPSK symbols. The 
LUT may then be pre-calculated to map sets of BPSK symbols into multiple tones. 
Figure 5 A to 5C shows an example of a conversion from repeated BPSK symbols into 
corresponding tones. Assuming a sequence of BPSK symbols {01 1 10010} shown in 
Figure 5A, a set of two BPSK symbols {01, 11, 00, 10} are repeated twice into 
repeated BPSK symbols {0101, 1111, 0000, 1010} as shown in Figure 5B. The 
repeated BPSK symbols can then be found in the LUT for conversion into 
corresponding tones. Figure 5C shows an example LUT that may be used for 
converting the twice repeated sets of two BPSK symbols. Here, each one of the LUT 
entries 0000 -1111 correspond to one of tones T1-T16. Based on the LUT, the 
repeated BPSK symbols would correspond to tones {T6, T16, Tl, Tl 1 }. 

[0061] It should be noted that, the BPSK symbols shown in Figure 5A would correspond 
to tones {T8, T3 }if BPSK symbols are not repeated. Also, if repeated, the BPSK 
symbols may be repeated more than twice. Moreover, more than two BPSK symbols 
may be grouped into a set of BPSK symbols and the sets of BPSK symbols may be 
repeated a selected number of times for conversion into multiple tones. Depending on 
the number of BPSK symbols grouped in a set and the number of times the set is 
repeated, the LUT may also be adjusted. For example, a set of three BPSK symbols 
may be repeated three times. In such case, the LUT may have 512 entries ranging 
from 000000000 -111111111. Thereafter, the repeated sets of three BPSK symbols 
may be converted into tones using the LUT. 

[0062] To further enhance recovery of an access code, reference tones with reference 

phases may be added to the multiple tones. The reference tones are then output with 
the multiple tones. Also, the multiple tones may be amplified before outputting the 
multiple tones. In addition, if a clock module is implemented, the access code is 
generated by processor 220 using the cryptographic key and a time element. The 
access code may then be generated, converted and output from token 200 when a user 
inputs a command through actuator 270. 

[0063] Figure 6 shows an example method 600 for verifying an access code using an 
acoustic channel. For verification, multiple tones encoded with an access code is 
received (610) through audio input module 330. The multiple tones are down- 
converted or demodulated (620) by down-converter 341 into multiple parallel EFFT 
symbols. FFT is then performed (630) by FFT module 343 to generate multiple 
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parallel BPSK symbols. The BPSK symbols are converted (640) by BPSK module 
345 into encoded interleaved bit stream or code symbols and de-interleaved (650) by 
de-interleaver 347. More particularly, the multiple tones may be demodulated and 
converted from serial to parallel into multiple parallel IFFT symbols, FFT processed 
into multiple parallel BPSK symbols, BPSK mapped into multiple parallel code 
symbols, and de-interleaved into encoded code symbols. Alternatively, the multiple 
tones may be demodulated, converted from serial to parallel, IFFT processed, and 
then converted from parallel to serial into BPSK symbols for de-interleaving. Still 
alternatively, the multiple tones may be demodulated, converted from serial to 
parallel, FFT processed, BPSK mapped, and then converted from parallel to serial 
into multiple parallel BPSK symbols for de-interleaving. Thereafter, the access code 
is recovered (660) by decoding module 349 from the encoded code symbols. The 
access code is then verified (670) by processor 320 using the cryptographic key and 
access is granted (680) if the access code is verified. Here, the cryptographic key may 
be stored in storage medium 310. 
[0064] In method 600, if the BPSK symbols are repeated for conversion, the multiple 
tones are demodulated and FFT processed into repeated BPSK symbols. A selected 
set of BPSK symbols is then generated from the repeated BPSK symbols and the 
selected set of BPSK symbols are converted into the code symbols or encoded 
interleaved bit stream. Here, BPSK module 345 may generate the selected set of 
BPSK symbols from the repeated BPSK symbols and convert the selected set into 
code symbols. Figure 7A to 7D shows an example generation of the selected set of 
BPSK symbols. 

[0065] As shown, a set of two BPSK symbols are repeated twice into original BPSK 
symbols of A 1 BiA 2 B2CiDiC 2 B2 and demodulated into A'iB^A^B^C'iD'iC'zB^. 
The selected BPSK symbols can be generated by selecting one of the two set the 
repeated BPSK symbol as shown in Figure 7C. Alternatively, the selected BPSK 
symbols can be generated by selecting each BPSK symbol from any one of the 
repeated sets of BPSK symbols as shown in Figure 7D. It should be noted here that 
the multiple tones may be converted into sets of more than two BPSK symbols. For 
example, the multiple tones may be converted into repeated sets of three BPSK 
symbols. In such case, the selected set of BPSK symbols may be generated by 
selecting one of each BPSK symbols from the repeated sets of three BPSK symbols. 
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Alternatively, the selected set of BPSK symbols may be generated by selected one of 
the repeated sets of three BPSK symbols. 

[0066] Moreover, if reference tones with reference phases are received, the multiple tones 
are converted into BPSK symbols using the reference tones. Also, if a clock module 
is implemented, the access code is verified by processor 320 using the cryptographic 
key and a time element. 

[0067] In tokens with limited processing power or speed, the LUT may significantly 

improve the efficiency and performance transmitting an access code using multiple 
tones. However, some embodiments may not implement and use a LUT. Figure 8 
shows another example embodiment of a token 800 that does not use LUT. 

[0068] Token 800 comprises a storage medium 810 configured to store a cryptographic 
key, a processor 820 configured to generate an access code using the cryptographic 
key, a converter 830 configured to convert the access code into multiple tones, and an 
audio output unit 840 configured to output the multiple tones encoded with the access 
code for verification. In some embodiments, token 800 may comprise an amplifier 
860, an activator or actuator 870, and a clock module 880 as implemented by 
amplifier 260, actuator 270 and clock module 280 of token 200. 

[0069] Generally, token 800 implements the same elements as the elements in token 200. 
However, the modulation by converter 830 is not based on a LUT. Accordingly, it 
would not be necessary to store a LUT in storage mediums 810. Also, the process of 
converters 830 is based on the use of repeated BPSK symbols. More particularly, 
converter 830 of token 800 may comprise an encoding module 831 configured to 
encode bit stream of the access code, an interleaver 833 configured to interleave the 
encoded bit stream, a BPSK module 835 configured to convert the interleaved bit 
stream or code symbols into BPSK symbols and to generate a selected number of 
repeated sets of BPSK symbols, IFFT module 837 configured to perform IFFT on the 
repeated BPSK symbols and an up-converter 839 configured to modulate the IFFT 
symbols into multiple tones encoded with the access code. 

[0070] Accordingly, the encoded bit stream are converted from serial to parallel and 

mapped into multiple parallel BPSK symbols. A selected number of repeated sets of 
BPSK symbols are generated from the each parallel BPSK symbols. Namely, 
multiple parallel repeated sets of BPSK symbols are generated and correspond to the 
multiple parallel BPSK symbols. The multiple repeated sets of BPSK symbols may 
then be IFFT processed and converted from parallel to serial for output. Here, the 
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code symbols may be mapped into BPSK symbols and then converted from serial to 
parallel BPSK symbols, or the code symbols may be converted from serial to parallel 
and then mapped into BPSK symbols. 

[0071] Figure 9 shows an example method 900 corresponding to token 800 for 
transmitting an access code using an acoustic channel. For access to a secure 
network, system or application, an access code is generated (910) by processor 820 
using a cryptographic key. Thereafter, multiple parallel repeated sets of BPSK 
symbols are generated (920) based upon the access code and IFFT transform is 
performed (930) to generate IFFT symbols. The IFFT symbols are modulated (940) 
then into multiple tones encoded with the access code and the multiple tones may be 
output (980) by audio output unit 840 for authentication. Here, the cryptographic key 
may be stored in storage medium 810. 

[0072] More particularly, the bit stream of the access code may be encoded, converted 
from serial to parallel, interleaved, and BPSK mapped into multiple parallel BPSK 
symbols. The BPSK symbols of each parallel BPSK symbols are repeated a selected 
number of times as described with reference to Figures 5A to 5C, thereby generating 
multiple parallel repeated set of BPSK symbols for IFFT processing. Alternatively, 
the encoded bit stream may be interleaved, BPSK mapped and then converted from 
serial to parallel into multiple parallel BPSK symbols for repeating. Still 
alternatively, the encoded bit stream may be interleaved, and then converted from 
serial to parallel into multiple parallel code symbols for BPSK processing. 

[0073] Furthermore, as in token 200, reference tones with reference phases may be added 
to the multiple tones and the reference tones may be output with the multiple tones. 
Also, the multiple tones may be amplified before outputting the multiple tones. In 
addition, if a clock module is implemented, the access code is generated by processor 
820 using the cryptographic key and a time element. The access code may then be 
generated, converted and output from token 800 when a user inputs a command 
through actuator 870. 

[0074] While the modulation by converter 830 is not based on the use of a LUT, the 
demodulation may be performed by verifier device 300 and corresponding method 
600 as described with reference to Figures 3 and 6. Accordingly, converter 340 
corresponding with converter 830 may comprise down converter 341 configured to 
demodulate the multiple tones into IFFT symbols, FFT module 343 configured to 
perform FFT to generate repeated BPSK symbols, BPSK module 345 configured to 
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generate a selected set of BPSK symbols from the repeated BPSK symbols and to 
convert the selected set of BPSK symbols into code symbols or encoded interleaved 
bit stream of the access code, de-interleaver 347 configured to de-interleave the code 
symbols, and a decoding module 349 configured to recover the access code from the 
encoded de-interleaved bit stream. As in token 200, modulation techniques other than 
BPSK may also be implemented in converters 830 and 340. 
[0075] Figure 10 shows an example method 1000 corresponding to converter 830 for 
verifying an access code using an acoustic channel. For verification, multiple tones 
encoded with an access code is received (1010) through audio input module 330. The 
multiple tones are down-converted or demodulated (1020) by down-converter 341 
into IFFT symbols. FFT is then performed (1030) by FFT module 343 to generate 
repeated BPSK symbols and a selected set of BPSK symbols are generated (1040) 
from the repeated BPSK symbols. Here, the selected set of BPSK symbols may be 
generated as described with reference to Figures 7A to 7D. The selected BPSK 
symbols are converted (1050) by BPSK module 345 into encoded interleaved bit 
stream or code symbols of the access code. Thereafter, the encoded interleaved bit 
stream is de-interleaved (1060) by de-interleaver 347 and the access code is recovered 
(1070) by decoding module 949 from the encoded de-interleaved bit stream. The 
access code is then verified (1080) by processor 320 using the cryptographic key 
stored in storage medium 910 and access is granted (1090) if the access code is 
verified. 

[0076] As in verifier device 300, if reference tones with reference phases are received, 

the multiple tones are converted into IFFT symbols using the reference tones. Also, if 
a clock module is implemented, the access code is verified by processor 320 using the 
cryptographic key and a time element. 

[0077] As described above, an access code and/or password may be encoded into 

multiple tones, transmitted through a public communication infrastructure such as 
Internet 120, recovered from multiple tones, and verified to access a secure network, 
system and/or application. 

[0078] While system 100 show one example, there may be other systems for digital 

authentication over an acoustic channel. Figures 11 A to 1 ID show some additional 
example systems for digital authentication over an acoustic channel. In Figure 11 A, 
multiple tones encoded with an access code may be output and transmitted from a 
token 1 1 10 to a receiver device 1120. The access code is then forwarded from 
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receiver device 1 120 to a verifier device 1 130 through a wireless or non-wireless 
communication infrastructure 1140. In Figure 11B, the multiple tones encoded with 
an access code is output and transmitted from token 1 1 10 to receiver device 1 120 
through a wireless or non-wireless phone 1 150. Thereafter, the access code is 
forwarded from receiver device 1 120 to a verifier device 1130 through a wireless or 
non-wireless communication infrastructure 1140. In Figures 11A and 11B, receiver 
device 1 120 is implemented remotely from verifier device 1 130. In such cases, 
receiver device 1 120 may be implemented non-remotely or as part of verifier device 
1 130 as shown in Figure 1 1C. In Figure 1 1C, token 1110 outputs the multiple tones 
encoded with the access code directly to a receiver/ verifier device 1 160. 
Alternatively, the multiple tones encoded with the access code may be output and 
transmitted from token 1 110 to receiver/verifier 1 160 through a wireless or non- 
wireless phone 1150. 

[0079] The multiple tones encoded with the access code may thus be forwarded from 

receiver device 1 120 to verifier device 1 130, and verifier device 1 130 may recover the 
access code. In some embodiments, the access code may be first be recovered from 
the multiple tones and then the recovered access code may be forwarded from 
receiver device 1 120 to verifier device 1 130 for authentication. Figure 12 shows one 
example of a receiver 1200 corresponding to token 200 and Figure 13 shows another 
example of a receiver 1300 corresponding to token 800, for recovering an access 
code. 

[0080] Receiver 1200 comprises a storage medium 1210 configured to store a LUT 
corresponding to the LUT in storage medium 210, an audio input unit 1220 
configured to receive multiple tones encoded with an access code from a user of a 
token, and a converter 1230 configured to recover the access code from the multiple 
tones using the LUT. Converter 1230 may comprise a processor 1232 configured to 
convert the multiple tones into BPSK symbols using the LUT, a BPSK module 1234 
is configured to perform demodulation based on BPSK to convert the BPSK symbols 
into code symbols or encoded interleaved bit stream of the access code, a de- 
interleaver 1236 is configured to de-interleave the code symbols, and a decoding 
module 1238 is configured to recover the access code from the encoded code 
symbols. 

[0081] Receiver 1300 comprises an audio input unit configured to receive sound waves 
encoded with an access code from a user of a token, and a converter 1320. Converter 
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1320 may comprise a down converter 1321 configured to demodulate the multiple 
tones into EFFT symbols, a FFT module 1323 configured to perform FFT to generate 
repeated BPSK symbols, a BPSK module 1325 configured to generate a selected set 
of BPSK symbols from the repeated BPSK symbols and to convert the selected set of 
BPSK symbols into encoded interleaved bit stream of the access code, a de- 
interleaver 1327 configured to de-interleave the encoded interleaved bit stream, and a 
decoding module 1329 configured to recover the access code from the encoded de- 
interleaved bit stream. 

[0082] Generally, a method corresponding to receiver 1200 for recovering an access code 
also corresponds to the method described with reference to Figure 6. However, 
verification of a recovered access code and granting access based on the access code 
is not performed by receiver 1200. Similarly, a method corresponding to receiver 
1300 for recovering an access code also corresponds to the method described with 
reference to Figure 11. However, verification of a recovered access code and granting 
access based on the access code is not performed by receiver 1300. 

[0083] Accordingly, an access code and/or password may be encoded into and recovered 
from multiple tones. By using the acoustic channel to input an access code for 
authentication, there is no need for a display or a constant computation needed for 
displaying an access code, thereby elongating the battery life of a token. Moreover, 
since the access code is not manually entered by a user, less errors are less likely to 
occur, especially in a system that requires a user to input an access code more than 
once during each access. In addition, because a standard speaker and/or microphone 
may be used, the system can easily be implemented without incurring significant cost. 

[0084] Finally, embodiments may be implemented by hardware, software, firmware, 

middleware, microcode, or any combination thereof. When implemented in software, 
firmware, middleware or microcode, the program code or code segments to perform 
the necessary tasks may be stored in a machine readable medium such as storage 
medium 210, 310, 810, 1210 or a separate storage medium (not shown). A processor 
such as processor 220, 230, 820 or a separate processor (not shown) may perform the 
necessary tasks. A code segment may represent a procedure, a function, a 
subprogram, a program, a routine, a subroutine, a module, a software package, a class, 
or any combination of instructions, data structures, or program statements. A code 
segment may be coupled to another code segment or a hardware circuit by passing 
and/or receiving information, data, arguments, parameters, or memory contents. 
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Information, arguments, parameters, data, etc. may be passed, forwarded, or 
transmitted via any suitable means including memory sharing, message passing, token 
passing, network transmission, etc. 

[0085] Furthermore, it should be apparent to those skilled in the art that the elements of 
tokens 200 and 800 may be rearranged without affecting the operation of the token. 
Similarly, the elements of verifier device 300 and/or receivers 1200, 1300 may be 
rearranged without affecting the operations thereof. In addition, elements of tokens 
200, 800; verifier device 300; and/or receivers 1200, 1300 may be implemented 
together. For example, processor 238 may be implemented together with processor 
220 and processor 348 may be implemented together with processor 320. 

[0086] Moreover, in some embodiments, a token may be implemented with a display. 

Figure 14A shows an example embodiment of a token having a housing element 1410 
implemented with a display 1420, actuator 1430 and audio output unit 1440. Figure 
14B shows another example embodiment of a token having a housing element 1450 
implemented with a display 1460, an actuator 1470, an audio output unit 1480 and an 
opening 1480 through housing element 1450. 

[0087] Therefore, the foregoing embodiments are merely examples and are not to be 

construed as limiting the invention. The description of the embodiments is intended 
to be illustrative, and not to limit the scope of the claims. As such, the present 
teachings can be readily applied to other types of apparatuses and many alternatives, 
modifications, and variations will be apparent to those skilled in the art. 



